ilia
08914dc469
# Structured Logging System Implementation ## Summary Implements a comprehensive structured logging system to replace verbose console.* calls throughout the codebase, addressing all cleanup tasks from CLEANUP.md. ## What Changed ### Core Features - ✅ **Structured Logging System** - New `lib/logger.ts` with DEBUG, INFO, WARN, ERROR levels - ✅ **Environment-Based Control** - `LOG_LEVEL` env var controls verbosity (DEBUG/INFO/WARN/ERROR/NONE) - ✅ **JSON Logging Option** - `LOG_FORMAT=json` for structured JSON output - ✅ **Shared Constants** - Extracted session cookie name to `lib/constants.ts` ### Code Refactoring - ✅ Replaced all `console.*` calls in API routes with structured logger - ✅ Refactored `activity-log.ts` to use new logger system - ✅ Reduced verbose logging in auth, photos page, and upload routes - ✅ Updated proxy.ts to use structured logging - ✅ Removed unused legacy `/api/photos` route (replaced by `/api/photos/upload`) ### Security Improvements - ✅ Protected `/api/debug/session` endpoint with admin-only access - ✅ Added proper error logging with structured context ### Documentation - ✅ Documented multiple upload routes usage - ✅ Enhanced watch-activity.sh script documentation - ✅ Updated README.md with upload endpoint information - ✅ Added configuration documentation to next.config.ts ### Testing - ✅ Added 23 tests for logger system - ✅ Added 8 tests for refactored activity-log - ✅ All 43 tests passing ## Benefits 1. **Production-Ready Logging** - Environment-based control, defaults to INFO in production 2. **Reduced Verbosity** - DEBUG logs only show in development or when explicitly enabled 3. **Structured Output** - JSON format option for log aggregation tools 4. **Better Organization** - Shared constants, consistent logging patterns 5. **Improved Security** - Debug endpoint now requires admin access ## Testing ### Manual Testing - ✅ Server builds successfully - ✅ All tests pass (43/43) - ✅ Type checking passes - ✅ Linting passes - ✅ Production server runs with logs visible - ✅ Log levels work correctly (DEBUG shows all, INFO shows activity, etc.) ### Test Coverage - Logger system: 100% coverage - Activity log: 100% coverage - All existing tests still pass ## Configuration ### Environment Variables ```bash # Control log verbosity (DEBUG, INFO, WARN, ERROR, NONE) LOG_LEVEL=INFO # Use structured JSON logging LOG_FORMAT=json ``` ### Defaults - Development: `LOG_LEVEL=DEBUG` (shows all logs) - Production: `LOG_LEVEL=INFO` (shows activity and above) ## Migration Notes - No breaking changes (legacy route was unused) - All existing functionality preserved - Logs are now structured and filterable - Debug endpoint now requires admin authentication - Legacy `/api/photos` endpoint removed (use `/api/photos/upload` instead) ## Checklist - [x] All console.* calls replaced in API routes - [x] Logger system implemented with tests - [x] Activity logging refactored - [x] Debug endpoint protected - [x] Documentation updated - [x] All tests passing - [x] Type checking passes - [x] Linting passes - [x] Build succeeds - [x] Manual testing completed ## Related Issues Addresses cleanup tasks from CLEANUP.md: - Task 1: Verbose logging in production ✅ - Task 2: Activity logging optimization ✅ - Task 3: Upload verification logging ✅ - Task 4: Middleware debug logging ✅ - Task 5: Legacy upload route documentation ✅ - Task 6: Multiple upload routes documentation ✅ - Task 7: Cookie name constant extraction ✅ - Task 8: Next.js config documentation ✅ - Task 9: ARCHITECTURE.md (already correct) ✅ - Task 10: Watch activity script documentation ✅ Reviewed-on: #4
211 lines
6.3 KiB
TypeScript
211 lines
6.3 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server"
|
|
import { auth } from "@/lib/auth"
|
|
import { prisma } from "@/lib/prisma"
|
|
import { sendNewPhotoEmail } from "@/lib/email"
|
|
import { logActivity } from "@/lib/activity-log"
|
|
import { logger } from "@/lib/logger"
|
|
import { writeFile } from "fs/promises"
|
|
import { join } from "path"
|
|
import { existsSync, mkdirSync } from "fs"
|
|
import { createHash } from "crypto"
|
|
|
|
export async function POST(req: NextRequest) {
|
|
try {
|
|
const session = await auth()
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
|
|
}
|
|
|
|
const formData = await req.formData()
|
|
const file = formData.get("file") as File | null
|
|
const answerName = formData.get("answerName") as string | null
|
|
const pointsStr = formData.get("points") as string | null
|
|
const maxAttemptsStr = (formData.get("maxAttempts") as string)?.trim() || ""
|
|
|
|
if (!answerName) {
|
|
return NextResponse.json(
|
|
{ error: "Answer name is required" },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Validate points (must be positive integer, default to 1)
|
|
const pointsValue = pointsStr ? Math.max(1, parseInt(pointsStr, 10)) : 1
|
|
const maxAttemptsValue = maxAttemptsStr && parseInt(maxAttemptsStr, 10) > 0
|
|
? parseInt(maxAttemptsStr, 10)
|
|
: null
|
|
|
|
let photoUrl: string
|
|
let fileHash: string | null = null
|
|
|
|
if (file) {
|
|
// Handle file upload
|
|
if (!file.type.startsWith("image/")) {
|
|
return NextResponse.json(
|
|
{ error: "File must be an image" },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Check file size (max 10MB)
|
|
if (file.size > 10 * 1024 * 1024) {
|
|
return NextResponse.json(
|
|
{ error: "File size must be less than 10MB" },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const bytes = await file.arrayBuffer()
|
|
const buffer = Buffer.from(bytes)
|
|
|
|
// Calculate SHA256 hash for duplicate detection
|
|
fileHash = createHash("sha256").update(buffer).digest("hex")
|
|
|
|
// Check for duplicate file
|
|
const existingPhoto = await prisma.photo.findFirst({
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
where: { fileHash } as any,
|
|
})
|
|
|
|
if (existingPhoto) {
|
|
return NextResponse.json(
|
|
{ error: "This photo has already been uploaded (duplicate file detected)" },
|
|
{ status: 409 }
|
|
)
|
|
}
|
|
|
|
// Generate unique filename
|
|
const timestamp = Date.now()
|
|
const randomStr = Math.random().toString(36).substring(2, 15)
|
|
// Sanitize extension - only allow alphanumeric characters
|
|
const rawExtension = file.name.split(".").pop() || "jpg"
|
|
const extension = rawExtension.replace(/[^a-zA-Z0-9]/g, "").toLowerCase() || "jpg"
|
|
const filename = `${timestamp}-${randomStr}.${extension}`
|
|
|
|
// Ensure uploads directory exists
|
|
const uploadsDir = join(process.cwd(), "public", "uploads")
|
|
if (!existsSync(uploadsDir)) {
|
|
mkdirSync(uploadsDir, { recursive: true })
|
|
// DEBUG level: directory creation is normal operation
|
|
logger.debug("Created uploads directory", { path: uploadsDir })
|
|
}
|
|
|
|
// Filename is generated server-side (timestamp + random), safe for path.join
|
|
const filepath = join(uploadsDir, filename)
|
|
await writeFile(filepath, buffer)
|
|
|
|
// Verify file was written successfully
|
|
const { access } = await import("fs/promises")
|
|
try {
|
|
await access(filepath)
|
|
// DEBUG level: file save verification is normal operation
|
|
logger.debug("File saved successfully", { filepath })
|
|
} catch (error) {
|
|
// ERROR level: file write failure is an error condition
|
|
logger.error("File write verification failed", {
|
|
filepath,
|
|
error: error instanceof Error ? error : new Error(String(error)),
|
|
})
|
|
throw new Error("Failed to save file to disk")
|
|
}
|
|
|
|
// Set URL to the uploaded file - use API route to ensure it's accessible
|
|
photoUrl = `/api/uploads/${filename}`
|
|
} else {
|
|
// Handle URL upload (fallback)
|
|
const url = formData.get("url") as string | null
|
|
if (!url) {
|
|
return NextResponse.json(
|
|
{ error: "Either file or URL is required" },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
photoUrl = url
|
|
|
|
// Check for duplicate URL
|
|
const existingPhoto = await prisma.photo.findFirst({
|
|
where: { url: photoUrl },
|
|
})
|
|
|
|
if (existingPhoto) {
|
|
return NextResponse.json(
|
|
{ error: "This photo URL has already been uploaded (duplicate URL detected)" },
|
|
{ status: 409 }
|
|
)
|
|
}
|
|
}
|
|
|
|
const photo = await prisma.photo.create({
|
|
data: {
|
|
uploaderId: session.user.id,
|
|
url: photoUrl,
|
|
fileHash,
|
|
answerName: answerName.trim(),
|
|
points: pointsValue,
|
|
maxAttempts: maxAttemptsValue,
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
} as any,
|
|
include: {
|
|
uploader: {
|
|
select: {
|
|
name: true,
|
|
},
|
|
},
|
|
},
|
|
})
|
|
|
|
// Send emails to all other users
|
|
const allUsers = await prisma.user.findMany({
|
|
where: {
|
|
id: { not: session.user.id },
|
|
},
|
|
select: {
|
|
id: true,
|
|
email: true,
|
|
name: true,
|
|
},
|
|
})
|
|
|
|
// Send emails asynchronously (don't wait for them)
|
|
Promise.all(
|
|
allUsers.map((user: { id: string; email: string; name: string }) =>
|
|
sendNewPhotoEmail(user.email, user.name, photo.id, photo.uploader.name).catch(
|
|
(err) => {
|
|
logger.error("Failed to send email", {
|
|
email: user.email,
|
|
photoId: photo.id,
|
|
error: err instanceof Error ? err : new Error(String(err)),
|
|
})
|
|
}
|
|
)
|
|
)
|
|
)
|
|
|
|
// Log photo upload activity
|
|
logActivity(
|
|
"PHOTO_UPLOAD",
|
|
"/api/photos/upload",
|
|
"POST",
|
|
session.user,
|
|
{
|
|
photoId: photo.id,
|
|
answerName: photo.answerName,
|
|
points: photo.points,
|
|
filename: photoUrl.split("/").pop()
|
|
},
|
|
req
|
|
)
|
|
|
|
return NextResponse.json({ photo }, { status: 201 })
|
|
} catch (error) {
|
|
logger.error("Error uploading photo", {
|
|
error: error instanceof Error ? error : new Error(String(error)),
|
|
})
|
|
return NextResponse.json(
|
|
{ error: "Internal server error" },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|